afb05580c6d56806bebb8c09cf22c2e445d84ea4379bbc5aeede655fd6540385

Analysis

max time kernel
172s
max time network
185s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 21:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68bfc6434667ba2531cee60da0db5745_JaffaCakes118.apk
Size

4.5MB
MD5

68bfc6434667ba2531cee60da0db5745
SHA1

d69a79f727a05f5701689be384e279af50f0313c
SHA256

afb05580c6d56806bebb8c09cf22c2e445d84ea4379bbc5aeede655fd6540385
SHA512

c45f9dadbd277ce729f36a628b67843f12660afd10c4e0deacd7554ab4c208e980e596000a233abfb95fe95e2245955752472c42db679da6fcc0a2c235a5481c
SSDEEP

98304:zz/rkuKvx1Pvbh1V0VXjFtIAC4su54BzUkTENK7OunBUb50pw7Vd/Zv:DkBvbvj2/tI7x1BZ44OiBmRd/l

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

com.app.xianjinjisuda:remote

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.app.xianjinjisuda:remote
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.app.xianjinjisuda

description ioc process

File opened for read /proc/cpuinfo com.app.xianjinjisuda

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.app.xianjinjisuda:remote

description	ioc	process
File opened for read	/proc/cpuinfo	com.app.xianjinjisuda

Queries information about running processes on the device 1 TTPs 3 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.app.xianjinjisudacom.app.xianjinjisuda:pushservicecom.app.xianjinjisuda:remote

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.app.xianjinjisuda
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.app.xianjinjisuda:pushservice
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.app.xianjinjisuda:remote

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.app.xianjinjisuda

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.app.xianjinjisuda
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

System Network Connections Discovery
T1421

Processes:

com.app.xianjinjisuda:remote

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.app.xianjinjisuda:remote

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.app.xianjinjisuda

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.app.xianjinjisuda:remote

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.app.xianjinjisudacom.app.xianjinjisuda:pushservicecom.app.xianjinjisuda:remote

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.app.xianjinjisuda
Framework service call	android.app.IActivityManager.registerReceiver	com.app.xianjinjisuda:pushservice
Framework service call	android.app.IActivityManager.registerReceiver	com.app.xianjinjisuda:remote

Checks if the internet connection is available 1 TTPs 3 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.app.xianjinjisuda:pushservicecom.app.xianjinjisuda:remotecom.app.xianjinjisuda

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.app.xianjinjisuda:pushservice
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.app.xianjinjisuda:remote
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.app.xianjinjisuda

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.app.xianjinjisuda:pushservicecom.app.xianjinjisuda

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.app.xianjinjisuda:pushservice
Framework API call	javax.crypto.Cipher.doFinal	com.app.xianjinjisuda

com.app.xianjinjisuda
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4282

com.app.xianjinjisuda:pushservice
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4334

com.app.xianjinjisuda:remote
1⤵
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4368

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.app.xianjinjisuda/databases/.ua/ua.db
Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.app.xianjinjisuda/databases/.ua/ua.db
Filesize
32KB

MD5
c66882aba5d9f2b090fc23535119646b

SHA1
9e4024ff14b75449404eec15b43fe4b4a3de09e4

SHA256
67cf3c807365383a79b65cc02ef481e3be133cddcc0c88a5c6b4c4427d721d90

SHA512
8f2de23fe6f4d474fd9fc2a64a31e5fa9da9f9909bead45c951b86adc85f37fe460aa2ace5dde8b2c3604f5498cb511dd80447bec268a2d5a3acb23a754d0e3c

Download Submit
/data/data/com.app.xianjinjisuda/databases/.ua/ua.db-journal
Filesize
181KB

MD5
1c0f1015e5d4b84e592f08dfe18a5dcf

SHA1
00fb2c5ec31dbd5cfd221c7b0ca5bc805183425f

SHA256
288b298a2c8672974631a943475f92840b92ecfbbf1a4efaa54c94e26b1e7c3e

SHA512
417eb44517e0f0570afd5e9b5b2d1584cdc78104dc36c77cefbe8f94e02a15705ef9662c4a69aadfd12279d1c00c8567550800427316b3e88e66413efac5756a

Download Submit
/data/data/com.app.xianjinjisuda/databases/.ua/ua.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.app.xianjinjisuda/databases/.ua/ua.db-wal
Filesize
8KB

MD5
18438f047881a166e167876f0bcd7823

SHA1
a8af9539c5f1d00a58c18a94916d2cffa810bb00

SHA256
0bebb705b7594781403b7aeea702ccf6f9d185441cd1ea663d0ca3f62ed923ef

SHA512
3b88b25eb2f68c452ec2fe6525ef9f92c340e0f6b5f7e1e258ce383bb0c63eeb33f0784305a96a169e7d52911dd317593e776eb091234ba30845e88f520b8de9

Download Submit
/data/data/com.app.xianjinjisuda/databases/.ua/ua.db-wal
Filesize
56KB

MD5
37d652c5013a16e4f6947732953b3821

SHA1
f6e1f62970735579171486d686eefad93f340424

SHA256
e9ff092b0ec63219931cc44be2e2af3796b5e157b335ef185b97c5775ec894eb

SHA512
116f2cc8fefb941918acd0315b0acef21df0f697449ae77212caaee3b86d49a560ef18ddb12f3c64748c7cceb2ab0b270d27d3eb8c34fd929da5fb405a0a7bb5

Download Submit
/data/data/com.app.xianjinjisuda/databases/cc/cc.db
Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.app.xianjinjisuda/databases/cc/cc.db
Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.app.xianjinjisuda/databases/cc/cc.db-journal
Filesize
512B

MD5
bfaf2d74341e1ff5bc4679c4bba3dca3

SHA1
5bdab6c1d9dfb30e75d97530a58f41ec0f782b17

SHA256
0d4b1407008fc6582981ce1d831f97b3c1a674acd3066de1c160bb052ed46d3a

SHA512
2fcdcf1cb8231b981f0993f8305df8dcf2244e4ae59072c7b083cdcd04427e3abf0ffe95d212008b88c45aa6815964c97e1cd6930e22be160ba3e4ecfb29d48b

Download Submit
/data/data/com.app.xianjinjisuda/databases/cc/cc.db-shm
Filesize
32KB

MD5
6d1aa3c19a86d398914a6d22bbf4e11c

SHA1
98d0566dbe9a317a252d576b395c72c510553c4d

SHA256
3634017429c1f802a3f1750dc07841a39f321ff687c7ecef114bceb9ff680418

SHA512
fcbf8e55d062f21fe70005651dff711ad3a97a8ba98d10d4db2775eecde15b0df117beed42f99bdf5a977f3b0fc3f2b61aa7f86df67e638ce0537a0b8f20de15

Download Submit
/data/data/com.app.xianjinjisuda/databases/cc/cc.db-wal
Filesize
16KB

MD5
695e33cd29de00e7a5c4f8f22bf8b3bd

SHA1
77ffa465e0cc286592e438c8cd3a85f255faf430

SHA256
b679acc1a501491378c768b79598633ad8e403b1af59b7ddda42e919c80f370c

SHA512
1eea4784dc8666ae9109318c7140238a7e99248d76fc580f7a5ceef4d5d0af7045b8d6c95f80fa98920763e2a63f4cfa9c74a10a258d2e1af0348432c993df95

Download Submit
/data/data/com.app.xianjinjisuda/databases/cc/cc.db-wal
Filesize
48KB

MD5
229e27dd2b3a22931f9cddd57a4f6104

SHA1
b8260007a516f60b2383f6e4f3abde62722be0e2

SHA256
56a85bc2aee5efc81cf7672f164aafc7d897756c19aace6fe55cfcd6e221e62d

SHA512
053f58c19fed66fcb27735533779051fa796a672dfb72a0ff276821eed447fa5a72f76b50ce9e1029b3b93db0f028900c7779d63184e8f6b05238c1449e02fb6

Download Submit
/data/data/com.app.xianjinjisuda/files/.um/um_cache_1716414697821.env
Filesize
1KB

MD5
87ba86e2a0de97546ff0ca4f811c6d80

SHA1
2f95652ddbce09e46647268a3491d722a47b3579

SHA256
616870c799e60afe504f9bc3b1681311652025eeb0966cb783a3da9f49206e58

SHA512
63030d1fd61de9a9a940c8a164425ee0fce9db3fd147089d69ac09b4bc840688d467b6d500b5c34e8b761cb6de789e08187fd774b4bc0c1faa1f44eea5e29604

Download Submit
/data/data/com.app.xianjinjisuda/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
cc631bb500f31d337f67b393b61341e8

SHA1
6f22adf434c86d7492aff78db08d18777ccc1b6d

SHA256
55e84be1a99114c2fe4e52c532c5f37ec5562a30693fedebc0cbc900708ed0a4

SHA512
4f6e5118fabfe5bbf4d206edfa164ec2fb2aec94649058d65d5ba519efea15c852ae49eadd616f5ca97c5a22c811be179936faa820a46ea465ab38c469ce00c0

Download Submit
/data/data/com.app.xianjinjisuda/files/exid.dat
Filesize
67B

MD5
7718ad13a47512ef43781e985693f1e1

SHA1
dda0233679bfb230d75269f9b144f7dc280b07ad

SHA256
11ca695c45b0a3f9ba8e61845594d88cd6c5948ed454e726f06cf5e34db88010

SHA512
b0ab3bd8baed40b8007a4de7ed1a4ccc77b1cc76fa0c62d21df8bbc6a8f6a7c9ac508752e79852d6d365846a55f7161c40dad7ce8dfc0c06ce8bc544b7cc4ad6

Download Submit
/data/data/com.app.xianjinjisuda/files/umeng_it.cache
Filesize
415B

MD5
b2c788678efcd15f8d7075a5fa8465fc

SHA1
7f8dd993c338da61b8739549f79640e0b00385c9

SHA256
d5c28094330b1aace119a8146de213cccc72c7fbc1da1f8d6c1dbb6c8f1e9486

SHA512
68dce1abf4a505577efff326cf774360bda944ab10aaa1499171f457d2db798099e9fad8bd85836552107e9f6b707fe386fa06982a429325c198dda9b5547d2c

Download Submit